Date posted: 15-Apr-2017
Category: Technology
Uploaded by: smau

Today's problems
• Auditability
• Job-hopping
• Speed
• Scalability
• Horizontal scaling (IaaS "cloud")
• Expected QoS

Advantages
• Infrastructure as Code
  • Code is the infrastructure documentation*
  • Simplify auditability
• Infrastructures with no humans with root powers
• Easy and quick to scale out

Agent (pull) vs agent-less (push)
Agent: An Agent is a daemon that runs on every controlled machine and that will check with the server (master) every N minutes to ensure that the host is aligned with the latest configuration version. If this is not the case, the Agent will download the latest configuration version and apply it.
• Advantages
  • High performance during command execution
  • Connection between clients and server is client managed
• Disadvantages
  • Forces the master to be in the least secure network segment
  • Resources are used even if no changes are being applied
  • More daemons to take care of
  • Chicken and Egg problem

Idempotence
Definition: Idempotence is the property of certain operations in mathematics and computer science that can be applied multiple times without changing the result beyond the initial application.

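Added example (not from the original slides): one pull cycle of an agent as described on the Agent slide, applying its settings through an idempotent "ensure" operation as defined above, next to a non-idempotent append. The Master and Agent classes, ensure_setting, naive_append and the sshd-style sample text are all constructed for illustration and do not mirror any particular tool's API.

```python
import re

# Constructed sample: an sshd-style config with a duplicated, conflicting key.
SAMPLE = ("Port 22\n#PermitRootLogin yes\n"
          "PermitRootLogin yes\nPermitRootLogin without-password\n")

def naive_append(text, key, value):
    """Non-idempotent: every application adds another line."""
    return text + f"{key} {value}\n"

def ensure_setting(text, key, value):
    """Idempotent: leave exactly one active `key value` line.
    Returns (new_text, changed); commented-out lines are left alone."""
    active = re.compile(rf"^\s*{re.escape(key)}\s+")
    out, seen = [], False
    for line in text.splitlines():
        if not active.match(line):
            out.append(line)
        elif not seen:              # first active occurrence gets the value
            out.append(f"{key} {value}")
            seen = True             # later duplicates are dropped
    if not seen:
        out.append(f"{key} {value}")
    new_text = "\n".join(out) + "\n"
    return new_text, new_text != text

class Master:
    """Hypothetical stand-in for the server holding the latest version."""
    def __init__(self, version, settings):
        self.version, self.settings = version, dict(settings)

class Agent:
    """Hypothetical agent: one run_once() call is one 'every N minutes' check."""
    def __init__(self, config_text):
        self.config_text = config_text
        self.applied_version = None
        self.audit = []             # (version, outcome, changed keys) per check

    def run_once(self, master):
        if master.version == self.applied_version:
            self.audit.append((master.version, "aligned", []))
            return []
        changed_keys = []
        for key, value in sorted(master.settings.items()):
            self.config_text, changed = ensure_setting(self.config_text, key, value)
            if changed:
                changed_keys.append(key)
        self.applied_version = master.version
        self.audit.append((master.version, "applied", changed_keys))
        return changed_keys

if __name__ == "__main__":
    master = Master(1, {"PermitRootLogin": "no", "PasswordAuthentication": "no"})
    agent = Agent(SAMPLE)
    print(agent.run_once(master))   # first run converges the host
    print(agent.run_once(master))   # same version: nothing to do
    master.version = 2              # new version, same settings
    print(agent.run_once(master))   # re-applied, yet nothing changes
    print(agent.config_text, agent.audit, sep="\n")
```

The per-check audit records are what make the "changed" flag useful for auditability: a run that reports changes on an unchanged configuration version points at local drift or a non-idempotent step.
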
Chef
• Written in Ruby
• Pull mode only
• Advantages
  • Very well integrated with git
  • Rich collection of available modules
  • Easy to install
• Disadvantages
  • Code driven
  • Complex tool
  • Steep learning curve

Puppet
• Written in Ruby
• Mainly pull mode
• Advantages
  • Very large user base
  • High number of modules available
• Disadvantages
  • Steep learning curve
  • Complex to set up

SaltStack
• Written in Python
• Both push and pull mode
• Advantages
  • Very consistent use of YAML for input, output, and configs
  • Strong community
  • Highly scalable and resilient
  • Very good introspection tools
• Disadvantages
  • Very complex to set up
  • Very steep learning curve

Ansible
• Written in Python
• Mainly push mode
• Advantages
  • Infrastructure as Data (in YAML format)
  • Very gentle learning curve
  • Very simple setup
  • Balanced tool
• Disadvantages
  • Not very good introspection tools
  • Community is young

Ansible terminology
• Host: Target of the execution
• Module: Modules can control system resources, like services, packages, or files (anything really), or handle executing system commands.
• Module library: Default set of modules coming with Ansible basic installation
• Task: An instance of a Module
• Role: A way to abstract a collection of tasks that has a specific role and is idempotent
• Playbook: A collection of Tasks and Roles that could be idempotent (or not)

Ansible infrastructure
+---------------------+
|     GIT Server      |
+---------------------+      .
           |                 .
           |                 .   +---------------------+
           V                 |-->|   Controlled Host   |
+---------------------+      |   +---------------------+
| Ansible Controller  |------|
+---------------------+      |   +---------------------+
                             |-->|   Controlled Host   |
                             .   +---------------------+
                             .
                             .

Infrastructure as Data
• Really simple to write
• Even simpler to read
• Only the bits important to you need to be written

Example of syntax
---
- hosts: all
  become: True
  tasks:
    - name: Ensure mysql is installed
      yum:
        name: mysql
        state: present
    - name: Ensure tom user is present
      user:
        name: tom
        state: present

Usual deployment process
• Automate a few actions with Ansible Playbooks
• Create Ansible Roles for the setup of a simple machine type
• Rollout of the first machines completely managed with Ansible
• Migration of all machines to Ansible

Additional resources
• Laboratorio ICT, 14:00 - Workshop on how to automate IT with Ansible
• Slides: https://slides.fale.io/20161025-en-ansible.pdf
• Official documentation: http://docs.ansible.com
• Videos: https://www.ansible.com/videos
• Whitepapers: https://www.ansible.com/whitepapers
• Ebooks: https://www.ansible.com/ebooks